IEEE Spectrum July, 2011 - 8

Spectral Lines

More Cyberattacks or Just More Media Attention?

This has been a banner year for high-profile cybersecurity disasters, with no letup in sight. So far, there have been 251 data breaches, a record-setting pace. Sony's PlayStation and Entertainment Networks have been repeatedly hacked, with more than 100 million of the company's user accounts compromised and its online gaming halted for several weeks. A security breach at the Internet marketing company Epsilon resulted in millions of customers' e-mail addresses being taken from about 100 major corporations, including Disney Destinations in the United States and Dell in Australia. A cyberintrusion at Nonghyup, South Korea's main agricultural cooperative, crashed its banking systems for a week and kept 30 million customers from accessing their accounts. Blackmailers broke into the financial systems of Hyundai Capital, accessed the personal details of 1.75 million customers, and then demanded US $460 000 to keep the purloined information from being made public.

Then there are the targeted attacks against security vendors like Comodo and RSA. A hacker fooled a Comodo group affiliate into issuing Internet SSL certificates to some of the world's largest websites, including Google, Microsoft, Mozilla, Skype, and Yahoo. A partially successful attack against RSA's two-factor authentication security product SecurID, which is used by 30 000 organizations around the world, has led to "significant and tenacious" attacks against a number of major U.S. defense contractors, including the world's largest, Lockheed Martin.

There have also been successful cyberintrusions against government computer systems in Australia, Canada, France, and the United States. The Canadian break-in caused its treasury board as well as its department of finance to restrict access to the Internet for months, while the breach in Australia apparently allowed access to the personal e-mail accounts of several top officials, possibly even that of Prime Minister Julia Gillard.

So is the number of cyberattacks increasing, or are we just more aware of them? The answer seems to be both.

Data from organizations monitoring cybersecurity activity indicate significant increases in the frequency of attacks over the past five years, especially against government IT systems. Last year British government systems saw more than 650 attempted intrusions per day, while U.S. government systems received 15 000 suspicious hits per day, or about one every 6 seconds. A typical bank like Citigroup, which was breached in May, sees an average of about 30 000 probes a day.

While the cyberattack trend is going up, the impact of these attacks has also increased. This year's cyberintrusions are international in nature, long lasting, and economically material, generating prolonged media attention. Furthermore, tens of millions of individuals around the world have been made personally aware of many of the attacks. Millions of people, for example, received apologetic e-mails from the companies affected by the Epsilon breach; I received five such e-mails in one week. Social media like Twitter have increased the reporting of these cyberincidents.

No one should be surprised by the number or the magnitude of successful cyberintrusions. The Internet was not built with security in mind.

Regrettably, most IT systems and applications that connect to the Internet were not developed with security in mind either, nor has there been much incentive to do so. A recent survey of cloud-computing providers by the Ponemon Institute, for example, indicates that the majority of providers don't believe security is their responsibility, nor do they see their customers demanding security or being willing to pay for it.

It's important to keep the relative risk in perspective. It will be a while before a cybersecurity incident by itself will be able to create damage on a par with a Joplin, Mo., tornado, let alone a Fukushima tsunami. Right now, as Howard Schmidt, the White House cybersecurity coordinator, says, cyberattacks are just the risk of doing business. Sadly, only when the risk of cyberattacks becomes unaffordable will cybersecurity be taken seriously.

-Robert N. Charette

Robert N. Charette, an IEEE Spectrum contributing editor, is a self-described "risk ecologist" who investigates the impact of the changing concept of risk on technology and societal development. This article is adapted from several posts he wrote for Spectrum's Risk Factor blog.

